Saturday, April 22, 2017

Cyber Updates - 22/04

Hey all,

Here are this week's cyber updates:

(1) Browsers use Punycode encoding in order to represent Unicode characters in the URL and protect against Homograph phishing attacks.

Google Chrome, Mozilla Firefox and Opera were vulnerable to a phishing attack due to a flawed implementation of the above encoding. The loophole relies on the fact that if someone chooses all characters for a domain name from a single foreign language character set, resembling exactly the same as the targeted domain, then browsers will render it in the same language, instead of the Punycode format.

This has allowed attackers to redirect users to a website while presenting a different URL in the address bar.

(2) Last week we’ve reported a security incident in Marriott. This week it is IHG’s turn to reach the headlines. The company was infected with a malware that searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) from the magnetic stripe of a payment card as it was being routed through the affected hotel server.

Be sure to check your credit card transactions if you stayed at an IHG hotel on or after September 29, 2016.

Comsec Group Blog

Comsec Group, founded in 1987, is a pioneering market leader, providing all-inclusive Cyber and Information Security services to clients around the globe. Our mission is to serve our clients as trusted advisors, by securing their information and operational assets, ensuring the achievement of their business goals.